CAPTOR is a set of tools whose main objective is to characterize, identify and detect APT’s as well as minimize their impact in the target organization. CAPTOR should be able to operate in complex environments, like Urban Critical Infrastructures, where IT, industrial, energy and network infrastructures must be protected from security threats.The most important innovation of CAPTOR is the application of a set of techniques and methodologies known as anomaly detection, which will be later explained and an approach more akin to classic intelligence as opposed to the malware-detection-centered approach used by the vast majority of proposed commercial solutions. S2’ s objective is to position CAPTOR as a leading European toolset to protect Critical Infrastructures in general and Urban Soft Targets and Critical Infrastructures in particular.Advances in the integration of ICT technologies in urban areas and their infrastructures have brought undeniable advantages to the cities economic management, inhabitability and have helped to reduce their environmental impact.Unfortunately, together with these advantages, many cyber security vulnerabilities have been introduced in infrastructures where these threats have never before been taken into account. The threat posed by cyber terrorists and cyber criminals continually grows and organizations are increasing their awareness of the possibility of an incident.An APT (Advanced Persistent Threat) is a planned multimodal attack targeted at a specific organization or infrastructure, where several types of malware, under control of a command center is combined with techniques like social engineering, use of insiders or access through third parties, with the objective of gaining access to critical physical or virtual assets and, exfiltrate information, obtain economic advantage or sabotage infrastructures. APTs are the most important kind of cyber attacks a critical infrastructure can suffer today.